MUA "automatically signs keys"?
2014-667rhzu3dc-lists-groups at riseup.net
Thu Jan 30 01:04:17 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 29 January 2014 at 7:57:12 PM, in
<mid:6757499.FAIGtOWeFj at mani>, Johannes Zarl wrote:
> Under the assumption
> that an attacker can't reliably do a MITM attack on
> every message that is sent over an extended time
Why would that be assumed? In a corporate setting the MITM could be
placed within the company's network, for a home user their ISP or
email provider could be used, and for mobiles, the phone network.
> , you would place almost no trust in a fresh
> persona-certified key, but high trust in an old and
> frequently encountered key.
The older the key, the greater the opportunity for compromise.
> The trust would grow with
> time (just like the trust into someone you know in real
If a person I knew well in real life were "compromised" they are
likely a poor enough actor for it to be easily-noticed.
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
The second mouse gets the cheese
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users